Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
1N3
GitHub Repository: 1N3/Sn1per
 Path: blob/master/sniper.conf
2951 views
1
INSTALL_DIR="/usr/share/sniper"

2
SNIPER_PRO=$INSTALL_DIR/pro.sh

3
PLUGINS_DIR="$INSTALL_DIR/plugins"

4


5
# COLORS

6
OKBLUE='\033[94m'

7
OKRED='\033[91m'

8
OKGREEN='\033[92m'

9
OKORANGE='\033[93m'

10
RESET='\e[0m'

11
REGEX='^[0-9]+$'

12


13
# AUX MODE OVERRIDE

14
# AUTO_BRUTE="0"

15
# FULLNMAPSCAN="0"

16
# OSINT="0"

17
VULNSCAN="0"

18


19
# DEFAULT SETTINGS

20
ENABLE_AUTO_UPDATES="1"

21
REPORT="1"

22
LOOT="1"

23


24
# OUT OF SCOPE

25
OUT_OF_SCOPE=("www.sn1persecurity.com" "sn1persecurity.com" "*.sn1persecurity.com")

26


27
# SN1PER PROFESSIONAL SETTINGS

28
SNIPER_PRO_CONSOLE_OUTPUT="0"

29
SN1PER_AUTOLOAD="0"

30
MAX_HOSTS="2000"

31


32
# DEFAULT BROWSER

33
BROWSER="firefox"

34


35
# BURP 2.0 SCANNER CONFIG

36
BURP_HOST="127.0.0.1"

37
BURP_PORT="1338"

38


39
# OPENVAS CONFIG

40
OPENVAS="0"

41
OPENVAS_HOST="127.0.0.1"

42
OPENVAS_PORT="9390"

43
OPENVAS_USERNAME="admin"

44
OPENVAS_PASSWORD=""

45
OPENVAS_RUNAS_USER="kali"

46


47
# NESSUS CONFIG

48
NESSUS="0"

49
NESSUS_HOST="127.0.0.1:8834"

50
NESSUS_USERNAME="admin"

51
NESSUS_PASSWORD=""

52
NESSUS_POLICY_ID="c3cbcd46-329f-a9ed-1077-554f8c2af33d0d44f09d736969bf"

53


54
# METASPLOIT SCANNER CONFIG

55
METASPLOIT_IMPORT="0"

56
MSF_LHOST="127.0.0.1"

57
MSF_LPORT="4444"

58


59
# SHODAN API KEY

60
SHODAN_API_KEY=""

61


62
# CENSYS API KEYS

63
CENSYS_APP_ID=""

64
CENSYS_API_SECRET=""

65


66
# HUNTER.IO API KEY

67
HUNTERIO_KEY=""

68


69
# TOMBA.IO API

70
TOMBAIO_KEY=""

71
TOMBAIO_SECRET=""

72


73
# GITHUB API KEY

74
GITHUB_API_KEY=""

75


76
# WPSCAN API KEY

77
WP_API_KEY=""

78


79
# SLACK API

80
SLACK_NOTIFICATIONS="0"

81
SLACK_NOTIFICATIONS_THEHARVESTER="0"

82
SLACK_NOTIFICATIONS_EMAIL_SECURITY="0"

83
SLACK_NOTIFICATIONS_DOMAINS_NEW="0"

84
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="0"

85
SLACK_NOTIFICATIONS_SUBOVER_NEW="0"

86
SLACK_NOTIFICATIONS_SUBJACK_NEW="0"

87
SLACK_NOTIFICATIONS_S3_BUCKETS="0"

88
SLACK_NOTIFICATIONS_SUBNETS="0"

89
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="0"

90
SLACK_NOTIFICATIONS_SPIDER_NEW="0"

91
SLACK_NOTIFICATIONS_WHATWEB="0"

92
SLACK_NOTIFICATIONS_NMAP="0"

93
SLACK_NOTIFICATIONS_NMAP_DIFF="0"

94
SLACK_NOTIFICATIONS_BRUTEFORCE="0"

95
SLACK_NOTIFICATIONS_WHOIS="0"

96
SLACK_NOTIFICATIONS_METAGOOFIL="0"

97
SLACK_NOTIFICATIONS_ARACHNI_SCAN="0"

98
SLACK_NOTIFICATIONS_EMAIL_FORMAT="0"

99


100
# ACTIVE WEB BRUTE FORCE STAGES

101
WEB_BRUTE_STEALTHSCAN="1"

102
WEB_BRUTE_COMMONSCAN="1"

103
WEB_BRUTE_FULLSCAN="0"

104
WEB_BRUTE_EXPLOITSCAN="0"

105
WEB_JAVASCRIPT_ANALYSIS="1"

106
MAX_JAVASCRIPT_FILES="25"

107


108
# WEB BRUTE FORCE WORDLISTS

109
WEB_BRUTE_STEALTH="$INSTALL_DIR/wordlists/web-brute-stealth.txt"

110
WEB_BRUTE_COMMON="$INSTALL_DIR/wordlists/web-brute-common.txt"

111
WEB_BRUTE_FULL="$INSTALL_DIR/wordlists/web-brute-full.txt"

112
WEB_BRUTE_EXPLOITS="$INSTALL_DIR/wordlists/web-brute-exploits.txt"

113
WEB_BRUTE_EXTENSIONS="htm,html,asp,aspx,php,jsp,js"

114
WEB_BRUTE_EXCLUDE_CODES="400,403,404,405,406,429,500,502,503,504"

115


116
# GREP PATTERNS

117
STATIC_GREP_SEARCH="1"

118
GREP_MAX_LINES="10"

119
GREP_INTERESTING_SUBDOMAINS="admin|jenkins|test|proxy|stage|test|dev|devops|staff|db|qa|internal"

120
GREP_EXTENSIONS="\.action|\.adr|\.ascx|\.asmx|\.axd|\.backup|\.bak|\.bkf|\.bkp|\.bok|\.achee|\.cfg|\.cfm|\.cgi|\.cnf|\.conf|\.config|\.crt|\.csr|\.csv|\.dat|\.doc|\.docx|\.eml|\.env|\.exe|\.gz|\.ica|\.inf|\.ini|\.java|\.json|\.key|\.log|\.lst|\.mai|\.mbox|\.mbx|\.md|\.mdb|\.nsf|\.old|\.ora|\.pac|\.passwd|\.pcf|\.pdf|\.pem|\.pgp|\.pl| plist|\.pwd|\.rdp|\.reg|\.rtf|\.skr|\.sql|\.swf|\.tpl|\.txt|\.url|\.wml|\.xls|\.xlsx|\.xml|\.xsd|\.yml"

121
GREP_PARAMETERS="template=|preview=|id=|view=|activity=|name=|content=|redirect=|(&|[?])access(&|=)|(&|[?])admin(&|=)|(&|[?])dbg(&|=)|(&|[?])debug(&|=)|(&|[?])edit(&|=)|(&|[?])grant(&|=)|(&|[?])test(&|=)|(&|[?])alter(&|=)|(&|[?])clone(&|=)|(&|[?])create(&|=)|(&|[?])delete(&|=)|(&|[?])disable(&|=)|(&|[?])enable(&|=)|(&|[?])exec(&|=)|(&|[?])execute(&|=)|(&|[?])load(&|=)|(&|[?])make(&|=)|(&|[?])modify(&|=)|(&|[?])rename(&|=)|(&|[?])reset(&|=)|(&|[?])shell(&|=)|(&|[?])toggle(&|=)|(&|[?])adm(&|=)|(&|[?])root(&|=)|(&|[?])cfg(&|=)|(&|[?])dest(&|=)|(&|[?])redirect(&|=)|(&|[?])uri(&|=)|(&|[?])path(&|=)|(&|[?])continue(&|=)|(&|[?])url(&|=)|(&|[?])window(&|=)|(&|[?])next(&|=)|(&|[?])data(&|=)|(&|[?])reference(&|=)|(&|[?])site(&|=)|(&|[?])html(&|=)|(&|[?])val(&|=)|(&|[?])validate(&|=)|(&|[?])domain(&|=)|(&|[?])callback(&|=)|(&|[?])return(&|=)|(&|[?])feed(&|=)|(&|[?])host(&|=)|(&|[?])port(&|=)|(&|[?])to(&|=)|(&|[?])out(&|=)|(&|[?])view(&|=)|(&|[?])dir(&|=)|(&|[?])show(&|=)|(&|[?])navigation(&|=)|(&|[?])open(&|=)|(&|[?])file(&|=)|(&|[?])document(&|=)|(&|[?])folder(&|=)|(&|[?])pg(&|=)|(&|[?])php_path(&|=)|(&|[?])style(&|=)|(&|[?])doc(&|=)|(&|[?])img(&|=)|(&|[?])filename(&|=)|id=|select=|report=|role=|update=|query=|user=|name=|sort=|where=|search=|params=|process=|row=|view=|table=|from=|sel=|results=|sleep=|fetch=|order=|keyword=|column=|field=|delete=|string=|number=|filter=|(&|[?])callback=|(&|[?])cgi-bin/redirect.cgi|(&|[?])checkout=|(&|[?])checkout_url=|(&|[?])continue=|(&|[?])data=|(&|[?])dest=|(&|[?])destination=|(&|[?])dir=|(&|[?])domain=|(&|[?])feed=|(&|[?])file=|(&|[?])file_name=|(&|[?])file_url=|(&|[?])folder=|(&|[?])folder_url=|(&|[?])forward=|(&|[?])from_url=|(&|[?])go=|(&|[?])goto=|(&|[?])host=|(&|[?])html=|(&|[?])image_url=|(&|[?])img_url=|(&|[?])load_file=|(&|[?])load_url=|(&|[?])login_url=|(&|[?])logout=|(&|[?])navigation=|(&|[?])next=|(&|[?])next_page=|(&|[?])Open=|(&|[?])out=|(&|[?])page_url=|(&|[?])path=|(&|[?])port=|(&|[?])redir=|(&|[?])redirect=|(&|[?])redirect_to=|(&|[?])redirect_uri=|(&|[?])redirect_url=|(&|[?])reference=|(&|[?])return=|(&|[?])return_path=|(&|[?])return_to=|(&|[?])returnTo=|(&|[?])return_url=|(&|[?])rt=|(&|[?])rurl=|(&|[?])show=|(&|[?])site=|(&|[?])target=|(&|[?])to=|(&|[?])uri=|(&|[?])url=|(&|[?])val=|(&|[?])validate=|(&|[?])view=|(&|[?])window=|daemon=|upload=|dir=|execute=|download=|log=|ip=|cli=|cmd=|file=|document=|folder=|root=|path=|pg=|style=|pdf=|template=|php_path=|doc=|page=|name=|id=|user=|account=|number=|order=|no=|doc=|key=|email=|group=|profile=|edit=|report=|access=|admin=|dbg=|debug=|edit=|grant=|test=|alter=|clone=|create=|delete=|disable=|enable=|exec=|execute=|load=|make=|modify=|rename=|reset=|shell=|toggle=|adm=|root=|cfg=|config="

122
GREP_XSS="q=|s=|search=|lang=|keyword=|query=|page=|keywords=|year=|view=|email=|type=|name=|p=|callback=|jsonp=|api_key=|api=|password=|email=|emailto=|token=|username=|csrf_token=|unsubscribe_token=|id=|item=|page_id=|month=|immagine=|list_type=|url=|terms=|categoryid=|key=|l=|begindate=|enddate="

123
GREP_SSRF="access|admin|dbg|debug|edit|grant|test|alter|clone|create|delete|disable|enable|exec|execute|load|make|modify|rename|reset|shell|toggle|adm|root|cfg|dest|redirect|uri|path|continue|url|window|next|data|reference|site|html|val|validate|domain|callback|return|page|feed|host|port|to|out|view|dir|show|navigation|open"

124
GREP_REDIRECT="forward=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=|html="

125
GREP_RCE="daemon|upload|dir|execute|download|log|ip|cli|cmd"

126
GREP_IDOR="id|user|account|number|order|no|doc|key|email|group|profile|edit|report"

127
GREP_SQL="id|select|report|role|update|query|user|name|sort|where|search|params|process|row|view|table|from|sel|results|sleep|fetch|order|keyword|column|field|delete|string|number|filter"

128
GREP_LFI="file|document|folder|root|path|pg|style|pdf|template|php_path|doc"

129
GREP_SSTI="template|preview|id|view|activity|name|content|redirect"

130
GREP_DEBUG="access|admin|dbg|debug|edit|grant|test|alter|clone|create|delete|disable|enable|exec|execute|load|make|modify|rename|reset|shell|toggle|adm|root|cfg|config"

131


132
# DOMAIN WORDLISTS

133
DOMAINS_QUICK="$INSTALL_DIR/wordlists/domains-quick.txt"

134
DOMAINS_DEFAULT="$INSTALL_DIR/wordlists/domains-default.txt"

135
# DOMAINS_FULL="$INSTALL_DIR/wordlists/domains-all.txt"

136


137
# DEFAULT USER/PASS WORDLISTS

138
USER_FILE="/usr/share/brutex/wordlists/simple-users.txt"

139
PASS_FILE="/usr/share/brutex/wordlists/password.lst"

140
DNS_FILE="/usr/share/brutex/wordlists/namelist.txt"

141


142
# TOOL DIRECTORIES

143
SAMRDUMP="$INSTALL_DIR/bin/samrdump.py"

144
INURLBR="$INSTALL_DIR/bin/inurlbr.php"

145


146
# FLYOVER MODE TUNING

147
FLYOVER_MAX_HOSTS="5"

148
FLYOVER_DELAY="10"

149


150
# NMAP OPTIONS

151
NMAP_OPTIONS="--script-args http.useragent='' --open"

152


153
# NMAP PORT CONFIGURATIONS

154
QUICK_PORTS="21,22,80,443,8000,8080,8443"

155
DEFAULT_PORTS="10000,1099,110,111,123,135,137,139,1433,1524,161,162,16992,2049,21,2121,2181,22,23,25,264,27017,27018,27019,28017,3128,3306,3310,3389,3632,389,443,4443,445,49152,49180,500,512,513,514,53,5432,5555,5800,5900,5984,623,624,6667,67,68,69,7001,79,80,8000,8001,8080,8180,8443,8888,9200,9495"

156
FULL_PORTSCAN_PORTS="T:1-65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:500,U:520,U:2049"

157
THREADS="100"

158


159
# NETWORK PLUGINS

160
NMAP_SCRIPTS="1"

161
METASPLOIT_EXPLOIT="1"

162
MSF_LEGACY_WEB_EXPLOITS="0"

163
SSH_AUDIT="1"

164
SSH_ENUM="1"

165
LIBSSH_BYPASS="1"

166
SMTP_USER_ENUM="1"

167
FINGER_TOOL="1"

168
SHOW_MOUNT="1"

169
RPC_INFO="1"

170
SMB_ENUM="1"

171
AMAP="0"

172


173
# OSINT PLUGINS

174
WHOIS="1"

175
GOOHAK="1"

176
INURLBR="1"

177
THEHARVESTER="1"

178
METAGOOFIL="1"

179
HUNTERIO="0"

180
TOMBAIO="0"

181
INTODNS="1"

182
EMAILFORMAT="1"

183
ULTRATOOLS="1"

184
URLCRAZY="1"

185
VHOSTS="0"

186
H8MAIL="0"

187
GITHUB_SECRETS="0"

188
URLSCANIO="1"

189


190
# DYNAMIC APPLICATION SCANNERS

191
BURP_SCAN="0"

192
ARACHNI_SCAN="0"

193
ZAP_SCAN="0"

194


195
# ACTIVE WEB PLUGINS

196
SC0PE_VULNERABLITY_SCANNER="1"

197
NUCLEI="1"

198
DIRSEARCH="1"

199
GOBUSTER="0"

200
NIKTO="0"

201
BLACKWIDOW="1"

202
INJECTX="1"

203
CLUSTERD="0"

204
WPSCAN="0"

205
CMSMAP="0"

206
WAFWOOF="1"

207
WHATWEB="1"

208
WIG="0"

209
SHOCKER="0"

210
JEXBOSS="0"

211
WEBTECH="1"

212
SSL_INSECURE="1"

213
HTTP_PROBE="0"

214
SMUGGLER="1"

215


216
# PASSIVE WEB PLUGINS

217
WAYBACKMACHINE="1"

218
SSL="1"

219
PASSIVE_SPIDER="1"

220
GAU="1"

221
HACKERTARGET="1"

222
CUTYCAPT="0"

223
WEBSCREENSHOT="1"

224


225
# EMAIL PLUGINS

226
SPOOF_CHECK="1"

227


228
# RECON PLUGINS

229
SUBHIJACK_CHECK="0"

230
AQUATONE="0"

231
SLURP="0"

232
SUBLIST3R="0"

233
AMASS="0"

234
SUBFINDER="0"

235
DNSCAN="0"

236
CRTSH="1"

237
SUBOVER="0"

238
PROJECT_SONAR="1"

239
CENSYS_SUBDOMAINS="0"

240
SUBNET_RETRIEVAL="1"

241
SUBJACK="0"

242
ALT_DNS="0"

243
MASS_DNS="0"

244
DNSGEN="0"

245
SHODAN="0"

246
ASN_CHECK="1"

247
SPYSE="0"

248
SUBBRUTE_DNS="0"

249
GITHUB_SUBDOMAINS="0"

250
RAPIDDNS="1"

251
SCAN_ALL_DISCOVERED_DOMAINS="0"

252